CISSP: Certified Information Systems Security Professional | IT Training & Certification | Info Trek
CISSP: Certified Information Systems Security Professional

Starting from RM 7650.00

  • Duration: 5 days, 8 hours per day
  • Schedule: Mon 08 Aug 09:00 - Fri 12 Aug 17:00
  • HRDF SBL claimable
  • Certificate of Attendance available
  • Private classes (5 days): all of our private classes are customized to your organization's needs. Send us your details and you will be contacted shortly.

INTRODUCTION

In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish holistic security programs that assure the protection of organizations' information assets. That's where the CISSP comes in.

The CISSP helps you:

  • Validate your proven competence gained through years of experience in information security
  • Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic security program set against globally accepted standards
  • Differentiate yourself from other candidates for desirable job openings in the fast-growing information security market
  • Affirm your commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices
  • Gain access to valuable career resources, such as networking and ideas exchange with peers

Audience

This course is designed for Information Technology professionals who wish to attain CISSP certification and advance their growth as security professionals.

Methodology

This program will be conducted with interactive lectures, PowerPoint presentations, discussions and practical exercises.

Course Objectives

Upon completion of this program, participants should understand:

  • Concepts of confidentiality, integrity and availability
  • Security threats, safeguards, vulnerabilities and attacks
  • Risk management processes
  • Building blocks of information security
  • Security awareness programs
  • IS audit process

Security management entails the identification of an organization's information assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines.

Management tools such as data classification and risk assessment/analysis are used to identify threats, classify assets, and rate system vulnerabilities so that effective controls can be implemented.

Modules

Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
  • Understand and apply concepts of confidentiality, integrity and availability
  • Apply security governance principles through:
    • Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
    • Organizational processes (e.g., acquisitions, divestitures, governance committees)
    • Security roles and responsibilities
    • Control frameworks
    • Due care
    • Due diligence
  • Compliance
    • Legislative and regulatory compliance
    • Privacy requirements compliance
  • Understand legal and regulatory issues that pertain to information security in a global context
    • Computer crimes
    • Licensing and intellectual property (e.g., copyright, trademark, digital rights management)
    • Import/export controls
    • Trans-border data flow
    • Privacy
    • Data breaches
  • Understand professional ethics
    • Exercise (ISC)² Code of Professional Ethics
    • Support organization's code of ethics
  • Develop and implement documented security policy, standards, procedures, and guidelines
  • Understand business continuity requirements
    • Develop and document project scope and plan
    • Conduct business impact analysis
  • Contribute to personnel security policies
    • Employment candidate screening (e.g., reference checks, education verification)
    • Employment agreements and policies
    • Employment termination processes
    • Vendor, consultant, and contractor controls
    • Compliance
    • Privacy
  • Understand and apply risk management concepts
    • Identify threats and vulnerabilities
    • Risk assessment/analysis (qualitative, quantitative, hybrid)
    • Risk assignment/acceptance (e.g., system authorization)
    • Countermeasure selection
    • Implementation
    • Types of controls (preventive, detective, corrective, etc.)
    • Control assessment
    • Monitoring and measurement
    • Asset valuation
    • Reporting
    • Continuous improvement
    • Risk frameworks
  • Understand and apply threat modeling
    • Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
    • Determining and diagramming potential attacks (e.g., social engineering, spoofing)
    • Performing reduction analysis
    • Technologies and processes to remediate threats (e.g., software architecture and operations)
  • Integrate security risk considerations into acquisition strategy and practice
    • Hardware, software, and services
    • Third-party assessment and monitoring (e.g., on-site assessment, document exchange and review, process/policy review)
    • Minimum security requirements
    • Service-level requirements
  • Establish and manage information security education, training, and awareness
    • Appropriate levels of awareness, training, and education required within the organization
    • Periodic reviews for content relevancy


Asset Security (Protecting Security of Assets)
  • Classify information and supporting assets (e.g., sensitivity, criticality)
  • Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
  • Protect privacy
    • Data owners
    • Data processors
    • Data remanence
    • Collection limitation
  • Ensure appropriate retention (e.g., media, hardware, personnel)
  • Determine data security controls (e.g., data at rest, data in transit)
    • Baselines
    • Scoping and tailoring
    • Standards selection
    • Cryptography
  • Establish handling requirements (markings, labels, storage, destruction of sensitive information)


Security Engineering (Engineering and Management of Security)
  • Implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
  • Select controls and countermeasures based upon systems security evaluation models
  • Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
    • Client-based (e.g., applets, local caches)
    • Server-based (e.g., data flow control)
    • Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
    • Large-scale parallel data systems
    • Distributed systems (e.g., cloud computing, grid computing, peer to peer)
    • Cryptographic systems
    • Industrial control systems (e.g., SCADA)
  • Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
  • Assess and mitigate vulnerabilities in mobile systems
  • Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))
  • Apply cryptography
    • Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
    • Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
    • Public Key Infrastructure (PKI)
    • Key management practices
    • Digital signatures
    • Digital rights management
    • Non-repudiation
    • Integrity (hashing and salting)
    • Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)
  • Apply secure principles to site and facility design
  • Design and implement physical security
    • Wiring closets
    • Server rooms
    • Media storage facilities
    • Evidence storage
    • Restricted and work area security (e.g., operations centers)
    • Data center security
    • Utilities and HVAC considerations
    • Water issues (e.g., leakage, flooding)
    • Fire prevention, detection and suppression


Communication and Network Security (Designing and Protecting Network Security)
  • Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
    • OSI and TCP/IP models
    • IP networking
    • Implications of multilayer protocols (e.g., DNP3)
    • Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
    • Software-defined networks
    • Wireless networks
    • Cryptography used to maintain communication security
  • Secure network components
    • Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
    • Transmission media (e.g., wired, wireless, fiber)
    • Network access control devices (e.g., firewalls, proxies)
    • Endpoint security
    • Content-distribution networks
    • Physical devices
  • Design and establish secure communication channels
    • Voice
    • Multimedia collaboration (e.g., remote meeting technology, instant messaging)
    • Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)
    • Data communications (e.g., VLAN, TLS/SSL)
    • Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)
  • Prevent or mitigate network attacks


Identity and Access Management (Controlling Access and Managing Identity)
  • Control physical and logical access to assets
    • Information
    • Systems
    • Devices
    • Facilities
  • Manage identification and authentication of people and devices
    • Identity management implementation (e.g., SSO, LDAP)
    • Single/multi-factor authentication (e.g., factors, strength, errors, biometrics)
    • Accountability
    • Session management (e.g., timeouts, screensavers)
    • Registration and proofing of identity
    • Federated identity management (e.g., SAML)
    • Credential management systems
  • Integrate identity as a service (e.g., cloud identity)
  • Integrate third-party identity services (e.g., on premise)
  • Implement and manage authorization mechanisms
    • Role-Based Access Control (RBAC) methods
    • Rule-based access control methods
    • Mandatory Access Control (MAC)
    • Discretionary Access Control (DAC)
  • Prevent or mitigate access control attacks
  • Manage the identity and access provisioning lifecycle (e.g., provisioning, review)


Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Design and validate assessment and test strategies
  • Conduct security control testing
    • Vulnerability assessment
    • Penetration testing
    • Log reviews
    • Synthetic transactions
    • Code review and testing (e.g., manual, dynamic, static, fuzz)
    • Misuse case testing
    • Test coverage analysis
    • Interface testing (e.g., API, UI, physical)
  • Collect security process data (e.g., management and operational controls)
    • Account management (e.g., escalation, revocation)
    • Management review
    • Key performance and risk indicators
    • Backup verification data
    • Training and awareness
    • Disaster recovery and business continuity
  • Analyze and report test outputs (e.g., automated, manual)
  • Conduct or facilitate internal and third party audits


Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
  • Understand and support investigations
    • Evidence collection and handling (e.g., chain of custody, interviewing)
    • Reporting and documenting
    • Investigative techniques (e.g., root-cause analysis, incident handling)
    • Digital forensics (e.g., media, network, software, and embedded devices)
  • Understand requirements for investigation types
    • Operational
    • Criminal
    • Civil
    • Regulatory
    • Electronic discovery (eDiscovery)
  • Conduct logging and monitoring activities
    • Intrusion detection and prevention
    • Security information and event management
    • Continuous monitoring
    • Egress monitoring (e.g., data loss prevention, steganography, watermarking)
  • Secure the provisioning of resources
    • Asset inventory (e.g., hardware, software)
    • Configuration management
    • Physical assets
    • Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)
    • Cloud assets (e.g., services, VMs, storage, networks)
    • Applications (e.g., workloads or private clouds, web services, software as a service)
  • Understand and apply foundational security operations concepts
    • Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
    • Separation of duties and responsibilities
    • Monitor special privileges (e.g., operators, administrators)
    • Job rotation
    • Information lifecycle
    • Service-level agreements
  • Employ resource protection techniques
    • Media management
    • Hardware and software asset management
  • Conduct incident management
    • Detection
    • Response
    • Mitigation
    • Reporting
    • Recovery
    • Remediation
    • Lessons learned
  • Operate and maintain preventative measures
    • Firewalls
    • Intrusion detection and prevention systems
    • Whitelisting/Blacklisting
    • Third-party security services
    • Sandboxing
    • Honeypots/Honeynets
    • Anti-malware
  • Implement and support patch and vulnerability management
  • Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)
  • Implement recovery strategies
    • Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
    • Recovery site strategies
    • Multiple processing sites (e.g., operationally redundant systems)
    • System resilience, high availability, quality of service, and fault tolerance
  • Implement disaster recovery processes
    • Response
    • Personnel
    • Communications
    • Assessment
    • Restoration
    • Training and awareness
  • Test disaster recovery plans
    • Read-through
    • Walkthrough
    • Simulation
    • Parallel
    • Full interruption
  • Participate in business continuity planning and exercises
  • Implement and manage physical security
    • Perimeter (e.g., access control and monitoring)
    • Internal security (e.g., escort requirements/visitor control, keys and locks)
  • Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)


Software Development Security (Understanding, Applying, and Enforcing Software Security)
  • Understand and apply security in the software development lifecycle
    • Development methodologies (e.g., Agile, Waterfall)
    • Maturity models
    • Operation and maintenance
    • Change management
    • Integrated product team (e.g., DevOps)
  • Enforce security controls in development environments
    • Security of the software environments
    • Security weaknesses and vulnerabilities at the source-code level (e.g., buffer overflow, escalation of privilege, input/output validation)
    • Configuration management as an aspect of secure coding
    • Security of code repositories
    • Security of application programming interfaces
  • Assess the effectiveness of software security
    • Auditing and logging of changes
    • Risk analysis and mitigation
    • Acceptance testing
  • Assess security impact of acquired software


Balasubramaniam @ Balan Ramanaidoo

Balasubramaniam @ Balan is a certified trainer specializing in Information Systems and Network Security, and holds a Master's degree in Business Administration. Having been exposed to information systems and network operations environments, he developed an interest in that field and has since continuously updated his knowledge, both through training and through managing medium-sized projects locally and abroad. One mainstream project, a partially outsourced complete network infrastructure implementation and configuration, was handled and completed on time and added skills in areas that could not have been obtained through certification alone. He has served corporate giants such as LYODD Register, Kuala Lumpur City Center Berhad (KLCCB), Putrajaya Holdings (PJH), University Technology PETRONAS (UTP), Maxis Communication Berhad, Asia Pacific Broadcasting Union (ABU), United Nations Development Programme (UNDP), USAG and Kuala Lumpur Heart Care (KLHC). He is currently associated with I Tech Train and Xtenza Solutions Pvt Ltd (USA) as a Project Consultant. He has been a project manager and technical trainer since 2007 and has educated many corporate professionals from various industries. Balan has wide knowledge and experience in Microsoft, Linux, Cisco, Security, Network Security Auditing, Datacentre Management, Design & Build and Project Management, including the preparation of project planning manuals and procedures according to international standards. He also conducts part-time lectures in public and private universities on IT and management subjects. His extensive training experience ranges from preparing corporate executives for Microsoft certification, Cisco, IPv6, Networking, Information Systems Security and Network Auditing to project deployment for large MNCs.

K L Ramasankara Rao

A highly competent and experienced systems and security implementation specialist and instructor with experience in system and security administration. He has a proven ability to impart to IT professionals the knowledge and skills necessary to manage the day-to-day running of an IT department and its business IT systems, and extensive knowledge of monitoring and controlling data security within guidelines to ensure compliance and report on possible improvements. Well mannered, articulate and able to act as a point of contact for colleagues and external clients. As a CCIE in Data Center, he manages data center networks through software-defined networking (SD-WAN) and through implementing Cisco Network Programmability.
